BeyondTrust launches Secrets Insights to tackle hidden identity risks
According to recent Identity Security Risk Assessments completed by BeyondTrust across various industries and organisational sizes, significant gaps have been discovered in current identity security postures.
The findings reveal dormant service accounts with privilege in more than 70% of assessed environments.
Additional issues include overly permissive Entra Service Principals, which can create direct pathways to Global Admin privileges, thereby endangering Microsoft 365 environments.
The assessments also found that credentials are frequently reused across multiple service accounts by administrators, compounding the risks posed by a single compromised password.
In the realm of privilege escalation, the report observes that low-privileged users are able to gain administrative access across Active Directory, Entra, AWS, Okta, and GitHub due to hidden escalation paths rooted in configuration errors, federation processes, and synchronisation.
AD Service accounts that connect on-premises and cloud environments, particularly those with privileged Entra roles, were also identified as potential cross-platform attack vectors.
The review highlighted further weaknesses, such as inadequate GitHub repository access management. This can lead to uncontrolled and unauthorised access to sensitive code and secrets, with personal GitHub accounts exacerbating the risk. "These identity infrastructure issues aren't just misconfigurations, they're invitations. Our Identity Security Risk Assessment data shows that many organisations lack the complete story when it comes to their identity attack surface. For many, overlooked hygiene issues silently open the door to attackers. And with the rise of Agentic AI, the stakes have never been higher, especially as most organisations lack visibility into how compromised accounts can be leveraged to seize control of application secrets, which often carry elevated privileges," said Marc Maiffret, CTO at BeyondTrust.
Agentic AI systems, which autonomously interface with infrastructure and provision access, are predicted to amplify the risks associated with unmanaged secrets and non-human identities.
As organisations adopt these AI-driven systems, the potential for abuse of hidden privileges and secrets grows, underscoring the need for enhanced oversight.
The new Secrets Insights feature is intended to provide this visibility.
It builds upon the existing capabilities of BeyondTrust's Identity Security Insights platform, which allows organisations to monitor identity risk across Active Directory, Entra ID, AWS, Azure, Google Cloud Platform, Okta, Ping Identity, and GitHub.
With Secrets Insights, users can discover API keys, service account credentials, tokens, and similar assets across both cloud and on-premises setups, including within vaults, thereby mapping previously unmonitored access vectors.
Key benefits
Secrets Insights offers a number of core functions: discovery of unmanaged secrets throughout cloud and on-premises environments; identification of users with both direct and indirect access to these secrets; risk scoring and prioritisation focused on levels of exposure and privilege; and integration with BeyondTrust Password Safe, which automates remediation tasks.
Maiffret commented on the next steps for the sector: "As organisations embrace automation and Agentic AI, securing the invisible layers of access - secrets, tokens, and service identities - will define the next frontier of identity security."
Secrets Insights is scheduled to become available later this year.
As part of its ongoing initiatives, BeyondTrust provides complimentary Identity Security Risk Assessments for qualified organisations.
These assessments can be completed in under 48 hours and are intended to help organisations identify hidden privileges and secret-related risks, supporting steps towards reducing standing privilege and enabling just-in-time access.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
3 days ago
- Techday NZ
Sophos & Rubrik launch integrated Microsoft 365 backup service
Sophos and Rubrik have announced a partnership to deliver a Microsoft 365 cyber resilience solution aimed at protecting businesses from the risks of ransomware, account compromise, insider threats, and data loss across popular Microsoft applications. The new solution, Sophos M365 Backup and Recovery Powered by Rubrik, marks the first Managed Detection and Response (MDR)-optimised Microsoft 365 backup and recovery service to be fully integrated within Sophos Central, the company's security operations platform. It is designed to allow IT and cybersecurity teams to access a unified global platform for enhanced cyber defence and recovery operations. Integration with Sophos Central The service is intended as a new add-on for Sophos' more than 75,000 MDR and XDR customers, enabling the rapid and secure restoration of Microsoft 365 data in the event of accidental deletion or malicious activity. The solution integrates Rubrik's SaaS-based data protection directly with the Sophos Central platform, which assimilates over 350 different telemetry sources from endpoint, cloud, network, identity, email, and business applications. Joe Levy, Chief Executive Officer at Sophos, commented: "We are reshaping what it means to stay operational in a world shaped by constant digital disruption. This is the future of cyber resilience: an intelligent, adaptive partnership that ensures organizations remain secure, responsive, and uninterrupted. By combining Sophos' prevention-first approach with Rubrik's unwavering recovery capabilities, we empower businesses to withstand attacks and maintain continuity, even under pressure." The new offering is underpinned by a prevention-first strategy combined with Rubrik's recovery technologies to address the increasing frequency and sophistication of security incidents impacting business continuity. Features and functionality Sophos M365 Backup and Recovery facilitates the restoration of data for SharePoint, Exchange, OneDrive, and Teams users. The integration with Sophos Central aims to streamline protection and recovery without the need for additional tools. The platform is detailed as leveraging deep learning, custom large language models (LLMs), and frontier models to better detect and respond to threats across a wide attack surface. Bipul Sinha, Chief Executive Officer, Chairman, and Co-founder of Rubrik, said: "The reality of today's threat landscape demands a holistic approach to cyber resilience. With AI-enabled attacks and sophisticated breaches on the rise, organizations need more than just prevention; they need the ability to recover rapidly and reliably. Our partnership with Sophos delivers this critical capability directly within a platform security teams already use and trust, raising the bar for Microsoft 365 resilience." The joint solution promises immutable backups isolated using air-gapped storage, WORM (Write Once Read Many) locks, and encryption keys controlled by the customer. Multi-factor authentication and other measures are said to prevent unauthorised tampering, even if credentials are compromised. Customers can restore Microsoft 365 components to original or alternate user accounts, including those that are inactive, to support diverse recovery scenarios. The product also automates protection across the Microsoft 365 estate by discovering new users, sites, and mailboxes, applying Entra ID-based policies, and supporting delegated administration - all managed from the Sophos Central interface. Addressing the threat landscape Research highlighted by both companies signals an urgent requirement for reinforced Microsoft 365 data defences. According to The State of Ransomware report from Sophos, almost half of ransomware-impacted organisations paid ransoms to recover data, but only 54% relied on backups for restoration. Other studies cited reveal that 60% of Microsoft 365 tenants have faced account takeovers and 81% suffered email compromise, exposing businesses to significant operational risk when retention policies or admin credentials are breached. Both Sophos MDR and XDR customers will have access to this backup and recovery feature, structured to close the gap between prevention and recovery for critical business data stored in cloud environments. The aim is to provide what the companies articulate as speed, granularity, and reliability when restoring information following security incidents. The collaboration is part of Sophos and Rubrik's stated commitment to help organisations manage risk confidently and recover from breaches or data loss with minimal disruption. This service will be available through Sophos' channel partner network in the coming months.
Techday NZ
3 days ago
- Techday NZ
Abnormal AI launches updated Microsoft 365 security solution
Abnormal AI has launched an updated Security Posture Management product aimed at providing AI-driven protection, automated prioritisation, and remediation guidance for Microsoft 365 environments. The company's revised offering addresses the challenges created by increasingly complex Microsoft 365 ecosystems, where accidental misconfigurations are contributing to cloud email vulnerabilities. The proliferation of third-party applications, an expanding layer of settings, and dispersed administrative responsibilities within organisations have resulted in potential blind spots and inadvertent security gaps. Previously, such vulnerabilities have reportedly been exploited by threat groups including Midnight Blizzard. Abnormal AI states that its extensive integration with Microsoft 365, coupled with its experience in counteracting advanced email threats, enables it to uncover configuration risks that might otherwise go undetected. The new add-on component for Security Posture Management is designed to continuously identify misconfigurations spanning users, applications, and tenants, providing security teams with actionable visibility and enhanced control. The company highlights three principal features of the updated product: comprehensive visibility, automated prioritisation, and remediation guidance. According to Abnormal AI, the solution continuously uncovers risky Microsoft 365 misconfigurations using CIS benchmarks and Abnormal's own threat intelligence. Automated prioritisation is intended to ensure that the most critical risks, based on their impact, prevalence, and relevance to the organisation's environment, are addressed first. Remediation guidance offers clear instructions for resolving identified issues, aiming to eliminate the need for manual audits or custom scripting. "Thousands of organisations rely on Abnormal to stop email-based attacks like phishing and account compromise. But attackers are also exploiting misconfigurations to bypass phishing defences," said Evan Reiser, CEO of Abnormal AI. "Because we already integrate deeply with Microsoft 365 to protect inbound email, we can extend our API-based architecture to detect these hidden risks. Security Posture Management gives security teams continuous visibility into misconfiguration risks across their entire Microsoft 365 environment." The latest enhancement to Security Posture Management arrives as businesses continue to face a fluid threat landscape, particularly around widespread platforms such as Microsoft 365. With increasing adoption of cloud-based collaboration tools, proper configuration has become a central focus for security teams seeking to mitigate the risk of account compromise and unauthorised access. Abnormal AI describes its platform architecture as supporting quick deployment through API integration with both Microsoft 365 and Google Workspace, as well as other cloud applications including Slack, Workday, ServiceNow, and Zoom. The firm reports that its services are presently used by more than 3,200 organisations worldwide, including a substantial segment of the Fortune 500. The company has stated that its anomaly detection engine leverages a range of contextual signals to analyse risk on every cloud email event, supporting the detection and blocking of socially-engineered attacks. This is positioned as part of a broader trend within cybersecurity that leverages artificial intelligence and machine learning to counter increasingly sophisticated attack techniques. Abnormal AI has indicated that additional demonstrations of its Security Posture Management capabilities, including the updated features, are being made available to interested parties and customers. Further details are available from the company upon request.
Techday NZ
4 days ago
- Techday NZ
Master of the trade tools: The case for becoming a power user
Just like builders are great with a hammer, and painters are great with a brush, we should be GREAT with the tools we use at work. Expert "power" users of tools are often more productive, perform better and have greater job satisfaction. Yet so many of us settle for being mediocre users of the systems we depend on every single day. If you want to be even more awesome than you already are, why not focus on mastering your trade tools? I'm talking about your laptop, mobile phone and software systems at your workplace. The difference between an average user and a power user isn't just marginal – it's transformational. The rise of new AI power tools just reinforces the strong benefits of becoming a power user. The path to power user status How do you develop your skills to become a super user and master these trade tools? The journey starts with mindset and motivation. Set a goal to be GREAT with the tools you need to use in your day-to-day work life. With a growth mindset, embrace experimentation and stay in that magic learning zone for part of your working week. Remember, every expert was once a beginner who refused to give up. Start with the fundamentals. Your laptop and mobile phone are your primary workhorses. Learn the operating system properly – whether it's Windows or MacOS for 99% of us. Master those handy keyboard shortcuts and mouse gestures that can shave seconds off every task. Those seconds add up to hours, which add up to days over the course of a year and even more over your career. Here's something that might sound basic but is absolutely crucial: get your typing speed match-fit. This single skill will pay dividends in time savings for the rest of your career. You'll be faster at getting stuff done, period. In our digital-first world, your typing speed is like your running speed in athletics – it's foundational to everything else you do. For each software product you rely on, whether it's Microsoft 365 or any other platform, a similar learning approach applies. Try things, learn the shortcuts, click on buttons and see what happens. Read the tool tips and help articles – they're there for a reason. Complete online learning courses when they're available. Don't be shy about asking your software vendor for suggestions – they want you to succeed with their product. YouTube videos can be incredibly helpful, though you'll need to sift through to find the quality content. And never underestimate the power of tapping your colleague on the shoulder and asking, "Hey, how do you do this?" Sometimes the person sitting next to you knows a trick that could save you hours every week. As your new superpowers develop, something interesting happens. You become the expert that workmates come to for help. You become more productive and efficient with your time. You know the fastest way to get things done. You know when to use a hammer and when to use a jackhammer, and you're an expert at both. The insurance broker's essential toolkit For those in the insurance broking world, what are the most important trade tools you need to master? In my experience, there are four critical systems that form the backbone of successful insurance broking: First, the Policy Management System (PMS) – what I like to call the "policy operating system." This is your primary system of record for the full lifecycle of policies and claims. It's where the magic happens, where relationships are managed, and where your business lives and breathes. Second, a Document Management System (DMS) for workflow management and maintaining read-only, audited records of documents and client interactions. In our compliance-heavy industry, this isn't just helpful – it's essential. Third, Microsoft 365 – email, documents, presentations, spreadsheets and online meetings. These are the communication and collaboration tools that keep your business moving and your clients informed. Fourth, your devices – laptop and mobile phone. These are your windows into all the other systems, and mastering them amplifies everything else you do. JAVLN offers both the PMS and DMS solutions. Together, they form a powerful, cloud-based broker operating system that does many things, and we're investing to make it even better. We've also built important integrations with Microsoft 365 because we understand that your tools shouldn't work in isolation. This isn't just another technology pitch – it's about reimagining how brokerages operate. Our research found that 70% of brokers spend over three hours a day on admin tasks. That's not productive, and it's not what your clients are paying for. They want your expertise and advice, not your data entry skills. What makes our product vision different is how these tools integrate into a cohesive whole, where data flows seamlessly between platforms, eliminating redundancy, duplication and creating a single source of truth. When your systems talk to each other properly, you can focus on what you do best: advising clients and building relationships. We want to help our end users develop their broker superpowers, using JAVLN's software in combination with your other trade tools to give you a genuine boost in performance and productivity. This is the journey we're on together. We practice what we preach at JAVLN At JAVLN, we're living proof of the power user philosophy. Being a software company with staff spread around the world, our main trade tools are all cloud-based and integrated: Google Workspace for email, documents, presentations, spreadsheets and online meetings; Google Gemini for AI capabilities; Slack for team communication; Atlassian tools including JIRA and Confluence for project management and knowledge sharing; and of course, our laptops as the gateway to everything else. Our trade tools are in the cloud, web-based, well integrated and secure with multi-factor authentication. We don't have servers in our office and we don't rely on VPNs or virtual desktop solutions. All these tools have handy companion apps on mobile phones too, meaning our team can be productive from anywhere. The result? By helping our teams adopt these tools as power users and use them to their full potential, we operate as a more productive business. We're more efficient with our time, we collaborate better as teams, and we can focus on delivering maximum value to our customers. We want our JAVLN customers to benefit from a similar setup, with trade tools purpose-built for brokers and all the jobs that need to be done in your daily workflow. The AI revolution: Your new power tools Where do AI tools fit into this picture? The recent rise of AI tools has been absolutely game-changing for those who have adopted them properly. The most popular for everyday use are Microsoft's Copilot, OpenAI's ChatGPT and Google's Gemini, but new tools are emerging constantly. Sticking with our analogy, AI represents a completely new category of power tool. If you already have a toolbox with standard power tools, AI tools are like adding a jackhammer or even a bulldozer to your arsenal. When used to its full potential, they provide enormous step changes in speed and quality, giving us genuinely superhuman capabilities when used properly. With great power comes great responsibility. That's why having a safe use policy in place is crucial – proper AI governance isn't optional in today's business environment. At JAVLN, we're driving forward with developing our employees to be "AI natives." We strongly encourage adoption of AI tools specific to each role and provide bite-sized training to build competency. We want our employees to master these AI trade tools using a similar approach to learning any software system: experiment and try things, learn the shortcuts, read the documentation, complete training courses, ask vendors for guidance, watch quality YouTube content, and collaborate with colleagues. The learning approach remains the same, but the potential impact is exponentially greater. The future belongs to the masters Over the coming next few years or less, it would be fantastic to see our JAVLN customers become "AI natives" as well, and masters of their trade tools. It's a superhuman boost that can make insurance brokers be better advisors. The professionals who master these tools will have a clear advantage – they'll analyse risks faster, generate proposals quicker, and provide clients with insights that used to take days to compile. This isn't futuristic thinking – these capabilities are available right now for those willing to learn. Your trade tools are waiting. The only question is: are you ready to master them?
